Former CISSP developer who understands security from the code level up. Secure code review, application hardening, and DevSecOps practices that don't slow you down.
I'm a developer first, with deep security expertise. Having held my CISSP certification from 2001-2010, I understand security frameworks and risk management—but my real strength is knowing how vulnerabilities are actually introduced in code and how to prevent them at the source.
This isn't about compliance checkboxes. It's about building software that's secure by design, with security integrated into your development workflow rather than tacked on at the end.
Practical security for development teams
Manual code review focused on security vulnerabilities. I find what automated tools miss.
Strengthen your application's defenses. Security headers, CSP policies, and configuration hardening.
Security in your CI/CD pipeline. Automated scanning, dependency checks, and security gates that don't block velocity.
Practical security training for development teams. Real vulnerabilities, real code, real fixes.
Server hardening and infrastructure security. Secure configurations for Linux servers and cloud environments.
Technical support for security compliance. Help implementing controls required by ISO 27001, SOC2, and NIS2.
Former CISSP with knowledge across all eight domains of information security
While my primary background is in software development and DevOps, I have deep experience in application security. My former CISSP certification (2001-2010) represents my commitment to this discipline.
I'm particularly interested in roles that combine development expertise with security responsibilities—Security Engineer, Application Security Specialist, or DevSecOps positions where understanding both the code and the security landscape is valuable.
If you're looking for someone who can bridge the gap between development teams and security requirements, let's talk.
Let's discuss how to integrate security into your development process.
Schedule a security discussion